Axipro Privacy Policy

Effective Date: April 1, 2025

Axipro (“Axipro,” “we,” “us,” or “our”) is a cybersecurity and compliance advisory firm that helps organizations achieve and maintain trust-based frameworks such as ISO 27001, 9001, SOC 2, HIPAA, PCI DSS and DORA. We are committed to protecting the privacy and security of your personal data, and this Privacy Policy outlines how we collect, use, store, disclose, and safeguard information through our websites, platforms, tools, and services (collectively, the “Services”).

1. Scope of this Policy

This Privacy Policy applies to:

  • Visitors to our websites, including www.axipro.com and subdomains
  • Users of our compliance and audit platforms
  • Clients and prospective clients
  • Individuals interacting with Axipro through events, support, or sales outreach

This Policy does not apply to personal data processed on behalf of our clients through third-party tools such as Drata or Vanta, where we act as a data processor or subprocessor. In such cases, the client’s privacy policy governs how your data is handled.

2. What Personal Data We Collect

Depending on how you interact with Axipro, we may collect the following types of personal data:

a. Identification & Contact Information

  • Full name
  • Business email address
  • Phone number
  • Job title and company name
  • Location, city, country

b. Account & Authentication Information

  • Username and encrypted password
  • Role-based access assignments
  • Audit trail of logins and activity on our platforms

c. Professional & Compliance Information

  • Employment details and responsibilities
  • Information related to compliance training, certifications, audit participation
  • Risk or control ownership, for example assigned controls in Drata

d. Technical & Device Data

  • IP address and device ID
  • Browser type and version
  • Operating system
  • Access times and pages viewed

e. Communication Data

  • Emails, chat logs, or support tickets
  • Web forms or feedback submitted through our website or platform
  • Webinar or event participation info

f. Marketing & Engagement Data

  • Newsletter subscription preferences
  • Responses to surveys or campaigns
  • Analytics data, clicks, open rates, navigation behaviour

3. How We Collect Personal Data

We collect personal data in the following ways:

  • Directly from you: via contact forms, email, demos, webinars, or events.
  • Automatically: when you use our website or platform, including cookies and device logs.
  • From third parties: referrals or channel partners, public sources like LinkedIn, or compliance platforms where we are invited as collaborators.

4. How We Use Personal Data

We use personal data to:

a. Deliver and Manage Our Services

  • Manage client accounts and access controls
  • Assist with compliance activities, audits, evidence collection, and control reviews
  • Provide technical and compliance support
  • Conduct vulnerability and penetration testing assessments

b. Operate and Improve Our Website & Platform

  • Analyse usage patterns to improve features
  • Maintain system integrity and prevent fraud
  • Conduct user experience testing and feedback loops

c. Marketing and Business Development

  • Share newsletters, event invites, or product updates, with your consent
  • Personalize communications based on role or industry

d. Legal and Regulatory Obligations

  • Respond to lawful data access requests
  • Maintain records for contractual or regulatory compliance, for example ISO 27001 clause 7.5

5. Legal Basis for Processing (EEA/UK Users)

For individuals located in the European Economic Area (EEA) or United Kingdom (UK), we rely on one or more of the following legal bases:

  • Performance of a contract – to provide our Services to you.
  • Legitimate interests – such as improving our platform or protecting against misuse.
  • Consent – for optional communications or non-essential cookies.
  • Legal obligation – when required to comply with applicable laws.

6. Sharing of Personal Data

We may share personal data with:

6.1 Subprocessors (Coprocessors)

To deliver our Services, Axipro engages trusted third parties (“Subprocessors” or “Coprocessors”) who process personal data on our behalf.

Current Subprocessor:

| Category | Subprocessor | Purpose | Data Location |
|---|---|---|---|
| Productivity Suite | Microsoft 365 (Microsoft Corporation) | Email, document storage, collaboration, and internal communication | Global, data centers may include EU and U.S. |

Axipro performs thorough due diligence and ongoing monitoring of all third-party service providers to ensure they maintain appropriate technical and organizational measures for data protection, confidentiality, and security.

Any future subprocessors will be added to this list and communicated through updates to this Privacy Policy.

a. Service Providers

Trusted vendors who perform services on our behalf, such as:

  • Cloud infrastructure, AWS, Azure
  • Compliance automation, Drata, Vanta
  • Customer relationship tools, for example HubSpot, Salesforce
  • Email marketing providers, for example Mailchimp, Brevo

All providers are under strict data protection agreements and only process your data as instructed by Axipro.

b. Auditors and Assessors

When authorized, we share documentation and user information with third-party assessors, for example A-LIGN, Insight Assurance, EY, BARR Advisory, Prescient Security, as part of your certification journey.

c. Legal Authorities or Law Enforcement

Only when required by law, subpoena, court order, or to prevent fraud or harm.

d. Corporate Transactions

If Axipro undergoes a merger, acquisition, or asset sale, your information may be transferred to the successor entity, subject to this Privacy Policy.

7. Retention of Personal Data

We retain personal data as follows:

| Data Type | Retention Period |
|---|---|
| Client audit records | Duration of engagement +3 years |
| Communication data, support, email | 3 years from last contact |
| Marketing contact details | Until unsubscribed or 2 years of inactivity |

We may retain anonymized data indefinitely for analytics or research.

8. International Data Transfers

Axipro is based in the Kingdom of Bahrain and the United States. By using our services, you acknowledge that your data may be transferred to the U.S. or other jurisdictions. We implement safeguards such as:

  • Data Processing Agreements (DPAs) with Standard Contractual Clauses (SCCs)
  • Vendor due diligence aligned with ISO and GDPR standards

9. Your Privacy Rights

Depending on your region, you may have the right to:

  • Access or request a copy of your data
  • Correct inaccuracies
  • Request deletion
  • Restrict or object to processing
  • Withdraw consent, for marketing or optional data collection
  • Lodge a complaint with a supervisory authority

To exercise these rights, contact us at: info@axipro.co

10. Security Measures

We take data protection seriously and implement the following:

  • AES-256 encryption for data at rest and TLS 1.2+ for data in transit
  • Role-based access controls and 2FA for platform access
  • SOC 2-compliant cloud infrastructure
  • Quarterly vulnerability assessments and annual penetration testing
  • Security awareness training for all personnel

11. Cookies and Tracking Technologies

Our websites use cookies and similar technologies for:

  • Performance and analytics, for example Google Analytics
  • Remembering your preferences
  • Marketing campaigns and ad tracking, for example LinkedIn Ads, Meta Pixel

You can control cookies through your browser settings or our cookie consent banner.

12. Email & Communication Preferences

We may send you:

  • Transactional messages, for example platform updates, support tickets
  • Marketing messages, for example newsletters, event invites
  • Product announcements

You can unsubscribe at any time by clicking the link in the email or contacting us at info@axipro.co.

13. Children’s Privacy

Our services are not intended for children under 16. We do not knowingly collect data from minors. If you believe a child has submitted personal information to Axipro, please contact us immediately.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated via email or a notice on our website.

15. Contact Us

If you have questions, concerns, or data requests, please contact: